Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Dlink Subscribe
Filtered by product Central Wifimanager
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13372 1 Dlink 1 Central Wifimanager 2023-02-28 7.5 HIGH 9.8 CRITICAL
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
CVE-2018-15515 1 Dlink 1 Central Wifimanager 2019-10-02 7.2 HIGH 7.8 HIGH
The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.
CVE-2019-13374 2 Dlink, Microsoft 2 Central Wifimanager, Windows 2019-07-09 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter.
CVE-2019-13375 2 Dlink, Microsoft 2 Central Wifimanager, Windows 2019-07-09 7.5 HIGH 9.8 CRITICAL
A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication.
CVE-2019-13373 2 Dlink, Microsoft 2 Central Wifimanager, Windows 2019-07-09 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.